Post on 08-May-2015
Measure What You Fix:
!
Asset Management Is Broken
Michael RoytmanData Scientist, Risk I/O
It is far better to grasp the universe as it really is than to persist in delusion, however satisfying and reassuring.
- Carl Sagan
Risk =More Can Happen
Than Will.
2. CVSS Score Reduction
Bad Remediation Metrics
1. Vulnerability Density
Part 1: !
Fix What Matters
I Love It When You Call Me Big Data50,000,000 Live Vulnerabilities
1,500,000 Assets
2,000 Organizations
I Love It When You Call Me Big Data
3,000,000 Breaches
Probability A Vuln Having Property X Has Observed Breaches
RANDOM VULN
CVSS 10
CVSS 9
CVSS 8
CVSS 6
CVSS 7
CVSS 5
CVSS 4
Has Patch
0.000 0.010 0.020 0.030 0.040
Probability A Vuln Having Property X Has Observed Breaches
Random Vuln
CVSS 10
Exploit DB
Metasploit
MSP+EDB
0.0 0.1 0.2 0.2 0.3
Part 2: !
Measure What You Fix
#DoingItWrong
Jet Engine x Peanut Butter SHINY!=
Current State of Remediation Performance Tracking
Where We Want To Be
Data 1.Active Breaches !
2.Metasploit Module !
3. ExploitDB Entry !
4. Popular Target
Framework
Estimate likelihood of breach event for each vulnerability.
Framework
An asset is only as safe as the riskiest vulnerability on that asset.
Model
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Breached In The Wild?
Metasploit Module Exists?
ExploitDB Entry?
Popular Target?
Less Risky
Model Actively
BreachedMeta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Actively Breached
Meta sploit
Exploit DB
Popular Target
Actively Breached
Meta sploit
Exploit DB
Popular Target
Actively Breached
Meta sploit
Exploit DB
Popular Target …
Better?
Model
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Asset
Model
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Asset
Model
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Asset Asset Asset
Model
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Actively Breached
Meta sploit
Exploit DB
Popular Target
Vuln
Asset = 5 Asset = 10 Asset = 4.375
Where We’re Going, We Don’t Need Peanut Butter
Where We’re Going, We Don’t Need Peanut Butter
An Engine Not A Camera
risk.io/jobs
@mroytman
WE HAVE JOBS